And, following the “good” tradition, the fixes actually contain no fixes 🙂 Interestingly, EMC tried to fix this vulnerability for 10 months (“Customers on EMC Documentum Content Server prior to 7.0 with extended support agreement are requested to raise hotfix requests through EMC Customer Support.” sounds weird, doesn’t it?). Below is the original conversation about CVE-2014-4626:

The problem is that a non-privileged user is able to create dm_job objects and
execute the corresponding docbase methods (some examples of “malicious” methods
are given in VRF#HUFU6FNP, also see VRF#HUFV0UZN); the word “create” here
does mean some sequence of commands which results in the existence of a dm_job
object. The PoC in VRF#HUFU6FNP describes an attack on the scheduler – the scheduler does
not schedule jobs unless they are owned by a superuser, so the command
sequence in that case was: “create dm_job and update dm_job”. EMC thinks
that they have fixed the vulnerability, but they just fixed the sequence given
in the PoC; another sequence is “create dm_sysobject, update dm_sysobject &
change dm_sysobject” – see VRF#HUGC34JH; it’s an already known attack, so I
suspect a backdoor here. Also, I could provide a third PoC related to this
report, but I do not think that would be useful for EMC.